Collaborate to protect the whole of your state and local resources
In the sports world, it is said that offense wins games, but defense wins championships. With the best soccer (or global football if you prefer) teams in the world competing for glory, you can see that idea in action. The whole team must move as one on defense. Everyone has a role to play. And while they each have a perspective on what’s happening, they need to share the same operational picture of the game so they can avoid opening any holes in their lines. Meanwhile, the opponent is trying to disguise their intentions so they can exploit the holes that exist.
It’s a good analogy for what’s happening at the state and local level in cybersecurity. Lumen is a proponent of “whole of state security” strategies. We evangelize it in many forums such as this recent webcast.
Put simply, whole of state security is exactly what it sounds like. All the authorities within a state work together on cybersecurity. They work together to prevent attacks, help each other contain any breaches and eradicate bad actors from their networks and systems. Everyone has the same operating picture, from the small city IT person to the state’s top security analysts.
Some call it a new idea, but I view it as a natural part of protecting citizens in the modern world. State and local law enforcement cooperating to catch a criminal after the fact is nothing new or exotic. Citizens simply expect it. Security should be no different – and with a coordinated team it can be proactive.
It’s a more urgent priority because technology is now central to the way governments at all levels provide services to citizens. Everything is connected to everything else. The state health agency is connected to local public health providers. Law enforcement agencies are connected up to the state and to each other horizontally. Even the lottery terminals at gas stations are connected to state databases and on and on. In a connected world, a breach anywhere can be a threat everywhere. State governments, local governments, critical infrastructure suppliers, higher education and others within a state’s borders should be part of a joint task force on security.
You have to protect all the pieces to protect the whole. Collaboration is the only way forward.
A virtuous cycle: Protecting the whole and the pieces
Before coming to Lumen, I was chief information security officer (CISO) for the state of Washington. I know the challenges of implementing this model because I’ve seen it up close.
The first challenge that should be addressed is cultural. Local officials can see the state as “big government” usurping local control and pushing aside officials dedicated to their communities. The mirror image of that challenge is that it’s easy for state people to be so concerned about the lack of resources in some localities that they unwittingly act like those big government stereotypes without intending it.
A task force needs to create an environment where everyone can set all that aside and be honest. Here’s what we can contribute. Here’s where we need help. These are the pathways that connect us to everyone else at this table. No one can take the view that they are too remote or inconsequential to be a target because they can be a gateway to other assets anywhere in the state.
In that environment, you can start dealing with harsh realities. States deal with billions of security events every day. Every state is at a different level of maturity, and different parts of a state will be at different levels of maturity. Any plan will be subject to budget cycles. Local IT staff wear many hats, with security being only one of them. And there is a chronic shortage of security specialists across the economy.
The good news
There is some good news in this focus on cybersecurity. You don’t need to reinvent wheels. There are states – New York, for instance – with highly developed coordination programs that you can learn from. Industry partners like Lumen work on major security programs for governments and enterprises large and small, so best practices can be cross-pollinated.
Federal funding is available to help with costs and the vagaries of budget cycles. Execute what you can and set priorities for further efforts. You might not be able to do everything at once but raising the capabilities of the state as a whole helps everyone.
Now is the time to act. Just like those soccer teams competing in the desert, the defense needs to be right all the time. But, the opponent only needs to be right once.
Let’s get together to assess your game plan.
Collaboration between state and local agencies is the only way forward.
Learn more about Lumen security solutions for the public sector click here.
This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either expressed or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. This document represents Lumen products and offerings as of the date of issue.